WIP
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/33c4a484
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/33c4a484
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/33c4a484
Branch: refs/heads/master
Commit: 33c4a484c263e330d65a6aa7b118805765d93d7e
Parents: deb17d9
Author: Jonathan Gallimore <[email protected]>
Authored: Wed Oct 24 12:13:20 2018 +0200
Committer: Roberto Cortez <[email protected]>
Committed: Fri Dec 7 18:11:19 2018 +0000
----------------------------------------------------------------------
.../tomee/microprofile/jwt/MPJWTFilter.java | 30 +++++++++++++++-----
1 file changed, 23 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/33c4a484/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
----------------------------------------------------------------------
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
index a26bca6..3c49e5e 100644
--- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
@@ -55,11 +55,16 @@ import java.util.stream.Collectors; // async is supported because we only need to do work on the way in @WebFilter(asyncSupported = true, urlPatterns = "/*") public class MPJWTFilter implements Filter { + + private TomcatSecurityService tomcatSecurityService = null; + @Override public void init(final FilterConfig filterConfig) throws ServletException { - // nothing so far } + + + @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { final Optional<JWTAuthContextInfo> authContextInfo = getAuthContextInfo();
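Review bot: The new field `private TomcatSecurityService tomcatSecurityService = null;` is never assigned in any visible hunk, and the last hunk declares a local with the same name inside `apply()` that shadows it. A servlet filter instance is shared by every request thread, so if the field is meant to cache the service it should be resolved once in `init()` (which this hunk leaves empty) and not reassigned per request; otherwise remove it. The class body continues outside the hunk.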
@@ -74,16 +79,11 @@ public class MPJWTFilter implements Filter { try { - final org.apache.catalina.connector.Request req = OpenEJBSecurityListener.requests.get(); + final MPJWTServletRequestWrapper wrappedRequest = new MPJWTServletRequestWrapper(httpServletRequest, authContextInfo.get()); Object state = null; - final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class); - if (TomcatSecurityService.class.isInstance(securityService)) { - final TomcatSecurityService tomcatSecurityService = TomcatSecurityService.class.cast(securityService); - state = tomcatSecurityService.enterWebApp(req.getWrapper().getRealm(), wrappedRequest.getUserPrincipal(), req.getWrapper().getRunAs()); - } chain.doFilter(wrappedRequest, response);
@@ -135,6 +135,8 @@ public class MPJWTFilter implements Filter { @Override public JsonWebToken apply(final HttpServletRequest request) { + + // not sure it's worth having synchronization inside a single request // worth case, we would parse and validate the token twice if (jsonWebToken != null) {
@@ -159,6 +161,20 @@ public class MPJWTFilter implements Filter { } // TODO - do the login here, save the state to the request so we can recover it later. + + final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class); + if (TomcatSecurityService.class.isInstance(securityService)) { + TomcatSecurityService tomcatSecurityService = TomcatSecurityService.class.cast(securityService); + final org.apache.catalina.connector.Request req = OpenEJBSecurityListener.requests.get(); + Object state = tomcatSecurityService.enterWebApp(req.getWrapper().getRealm(), jsonWebToken, req.getWrapper().getRunAs()); + + request.setAttribute(); + } + + + + + // TODO Also check if it is an async request and add a listener to close off the state return jsonWebToken;
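Review bot: `Object state = null;` stays in `doFilter`, but nothing in the visible lines assigns it any more, because the `enterWebApp` call now lives in `apply()` (last hunk) and keeps its result in a local there. The cleanup after `chain.doFilter(wrappedRequest, response)` is outside the hunk, but if it releases the web-app security context based on `state` it will now always see null. The context entered in `apply()` would then stay associated with the container thread after the request ends, and on pooled threads that risks one caller's identity carrying over to a later request. The state should be handed back to `doFilter` and released in a `finally`; the `try` block starts and ends outside the hunk.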
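Review bot: `request.setAttribute();` in the last hunk is called with no arguments, so the `state` returned by `enterWebApp` is never stored, and the line should not compile against `setAttribute(String, Object)`. It needs a name and the value, e.g. `request.setAttribute("<state-attribute-name>", state);`, where the attribute name is a placeholder. `OpenEJBSecurityListener.requests.get()` is also dereferenced without a null check; `apply()` appears to run lazily, so it may execute on a thread where that (presumably thread-local) value is unset, as the async TODO below hints, and `req.getWrapper()` should be guarded with `if (req != null)`. The unsynchronized path described in the comment at the top of `apply()` could also enter the web app twice while at most one state is kept. `apply()` starts and ends outside the hunk.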
